OpenVPN works fine when using a self generated CA and Certificates, the issue however is that we want to use our own CA and certificates, and this doesnt seem to work. The issue seems to be that at SwissSign the server certificate and the user certificate are made from their respective intermediate CA (the intermediate CA is however made from the same root CA), so opnsense/openvpn seems to think that there is a mismatch.

Does anyone know if there is anything that can be configured to make it work ?

I tried both ways. Full chain and only intermediate, that didnt seem to make a difference I mean I imported the CA and then imported the intermediate as well, and in the intermediate I tried to enter only the intermediate CA and both the CA and intermediate.

I noticed one difference between the self cert and the SwissSign one in the opnsense gui, in System, Trust, Certificates, the self cert mentions: CA:No, Server: Yes and the SwissSign mentions: CA:No, Server No

I did some more tries, so apparently if you enter both the server and user intermediate CA in an Authority its only going to read the first one, so you have to create two Intermediate CA's and thats why it sees them as a mismatch.

The issue here, as mentioned, is that at SwissSign they use the same root CA, but a dedicated Intermediate CA for Servers and one for users, so two different intermediate CA's, and this doesnt seem to work.